Network access to over 7,000 organizations for sale on hacker forums
Hackers have breached 7,500 organizations and are selling network access on multiple Russian hacker forums.
An investigation by CyberNews.com reveals compromised networks located in the USA, Canada, and Australia which include educational, entertainment and bar industry organizations.
Hackers exploit business VoIP system vulnerability
Researchers at Check Point have uncovered a fraud operation targeting more than 1,200 business VoIP phone systems worldwide.
Hackers are exploiting vulnerabilities in the popular Sangoma and Asterisk VoIP phone systems to gain control of the system. They then seek to monetize that access by selling auto-generated calls and forcing systems to call premium numbers owned by the hackers to collect revenues, without the targeted business being aware.
Consumers overconfident of their connected device security
A new study from the National Cyber Security Alliance (NCSA) into perception and behavior around connected device security reveals that most US consumers are confident that the connected devices they own are secure.
However, the survey of 1,000 respondents in two age groups (500 aged 18-34 and 500 aged 50-75) reveals this confidence may be misplaced, along with some interesting generation gaps.
Google issues patches for two serious Chrome zero-day vulnerabilities
Google's Project Zero is very quick to point out security flaws in other company's products, but the search giant is far from being perfect itself. Two recently discovered zero-day vulnerabilities in Chrome have just been fixed with a new patch.
CVE-2020-16009 and CVE-2020-16010 are remote code-execution and heap-based buffer overflow flaws respectively and affect both the desktop and Android versions of Google's web browser.
Threat actors get more creative in their attacks
The latest quarterly threat intelligence report from Kaspersky shows that many actors behind advanced persistent threats (APTs) have continued to diversify their toolsets, at times resorting to extremely tailored and persistent tools.
At the same time though others have reached their goals by the employment of well-known, time-tested attack methods.
Google's Project Zero reveals details of 'high severity' security flaw with Microsoft's GitHub
Security issues are frequently exposed by Google's Project Zero; just days ago, security researchers revealed details of an actively exploited Windows Kernel Cryptography Driver security flaw.
Now Project Zero has released details of a serious security flaw in another Microsoft venture -- GitHub. The bug relates to GitHub Actions' workflow commands and is described as being high severity. It was discovered back in July but, as per the standard 90-day disclosure period, details are only just now being made public.
Small can be ugly when it comes to third-party cybersecurity
Digital transformation initiatives often involve closer relationships with other businesses, but these can expose a company to additional risk if the other party's security isn't up to scratch.
New research from CyberGRX, based on data collected from the third parties on its exchange, finds that company size correlates with the maturity of cybersecurity programs, more specifically, as companies get smaller, they have fewer controls in place and less mature programs.
How the pandemic has reinvigorated Emotet [Q&A]
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has recently put out a warning concerning a surge in activity from the group behind the Emotet trojan.
Emotet has been around for some time and has mostly been associated with banking trojans, but this year’s upsurge in activity has seen it branch out into other areas.
Hospitals and healthcare hit by global wave of ransomware
October has seen a 71 percent increase in ransomware attacks against the healthcare sector in the US compared to the previous month.
Elsewhere in the world, in EMEA, attacks increased by 36 percent and by 33 percent in the APAC region, according to research from Check Point.
SASE will top the cybersecurity priority list in 2021 [Q&A]
COVID-19 has caused many industries to experience an economic downturn, but cybersecurity isn't one of them.
Rather, cybersecurity is taking on newfound or heightened importance within many companies, as cybercriminals continue to exploit the global health crisis and associated business disruption to prey on unsuspecting work-from-home employees.
Remote working heightens risk but businesses slow to adapt
A new study from SafeGuard Cyber seeks to understand how businesses rate their own security and compliance risks in the new digital reality.
Respondents were asked to effectively grade their adaptations to date, say what gaps still exist, and how they are planning for the future. 31 percent of respondents report their entire business process has changed and is still evolving, while 26 percent say they’ve rushed certain projects that were scheduled for later.
Email compromise attacks are on the increase as tactics shift
Business email compromise (BEC) attacks have increased in six out of eight industries according to a new report from Abnormal Security.
The overall volume of BEC attacks increased 15 percent from Q2 to Q3, but the energy industry experienced a massive 93 percent rise.
Malware levels drop as attacks become more targeted
Overall malware levels have shown a 39 percent decline over the last quarter as attackers have switched to a more targeted approach.
The third quarter threat intelligence report from SonicWall Capture Labs records a 40 percent surge in global ransomware, a 19 percent increase in intrusion attempts and a 30 percent rise in IoT malware.
COVID-19's impact on enterprise security teams
A new survey of 600 enterprise IT security professionals from seven countries and 19 industries looks to generate an understanding on how the COVID-19 pandemic has affected the industry.
The study from CyberEdge reveals some surprising -- and less surprising -- insights into the changes that have taken place and the challenges they've presented.
Claroty offers remote incident management as part of its operational security platform
Digital transformation initiatives have meant IT and operational technology (OT) networks becoming more interconnected and the switch to remote working has only accelerated this.
In response to this trend, OT security specialist Claroty has updated its platform to offer remote incident management as a fully integrated capability that spans the entire incident lifecycle.
Recent Headlines
© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.